Blog

Working with companies of all sizes to make the most of the internet.

A client of mine has just received the following email, the asterisks hide a genuine password that the client used and the bitcoin address of the scumbag who sent the email.

I will directly come to the point. I do know ********** is your pass word. Moreover, I know your secret and I have proof of your secret. You don’t know me personally and nobody employed me to check out you.

It’s just your misfortune that I came across your misdemeanor. Let me tell you, I actually installed a malware on the adult videos (pornography) and you visited this web site to experience fun (you know what I mean). When you were busy watching video clips, your internet browser started out operating as a Rdp (Remote desktop) having a keylogger which gave me access to your screen and also web camera. Right after that, my software collected every one of your contacts from facebook, and e-mail.

I then put in more hours than I probably should’ve into your life and generated a two view video. 1st part shows the recording you were watching and second part displays the recording of your webcam (its you doing dirty things).

Honestly, I want to forget all about you and let you get on with your daily life. And I am about to offer you 2 options that will make it happen. Those two option is with the idea to ignore this letter, or simply just pay me $ 1900. Let’s investigate above two options in more detail.

First Option is to ignore this mail. Let me tell you what will happen if you choose this path. I will, no doubt send out your video recording to your entire contacts including family members, colleagues, and so forth. It doesn’t protect you from the humiliation your self will feel when friends uncover your dirty details from me.

Other Option is to send me $ 1900. We’ll name this my “confidentiality fee”. Now let me tell you what happens if you opt this choice. Your secret will remain your secret. I’ll destroy the video immediately. You keep your life as if nothing ever happened.

At this point you may be thinking, “I’ll just go to the cops”. Let me tell you, I’ve taken steps in order that this email message can’t be traced returning to me also it won’t steer clear of the evidence from destroying your health. I’m not planning to dig a hole in your pocket. I am just looking to be paid for time I put into investigating you. Let’s hope you have chosen to produce all of this disappear and pay me my confidentiality fee. You will make the payment by Bitcoins (if you don’t know this, type “how to buy bitcoins” in google)

Amount to be paid: $ 1900
Receiving Bitcoin Address: ***********************************
(It’s CASE sensitive, so you should copy and paste it)

Tell nobody what you would be sending the bitcoin for or they might not offer it to you. The task to acquire bitcoin will take a few days so do not put it off.
I have a special pixel within this email message, and at this moment I know that you’ve read this e mail. You have 24 hours to make the payment. If I do not receive the Bitcoins, I will send out your video to your contacts including friends and family, colleagues, and so on. You better come up with an excuse for friends and family before they find out. Nevertheless, if I do get paid, I’ll destroy the recording immediately. It’s a non negotiable offer, thus kindly do not ruin my time & yours. Time is running out.

Now obviously if someone you have no dealing with you knows your password its not unreasonable to believe that they might have something else on you, with the added threat of leaking some undisclosed secret to your friends and family its not surprising that people fall for scams like this, but yes it is a scam, so if you have arrived here after googling the text you can stop panicking and ignore it.
So how does it work?
Well every once in a while a company gets hacked, and if that company hasn’t done its job properly and encrypted your password their entire database of email addresses and passwords can end up being leaked onto the internet. Once its our there its simply a case of running the equivalent of a mail merge and sending an email like the one above to everyone on the list, doesn’t take many people to pay to make it worth while and bit coin is in the most part untraceable.
 To find out if you have every had your email address and password leaked head over to https://haveibeenpwned.com/ and enter your email address, there is a good chance you will see something like the screenshot below, in which case head over to any sites listed and change you password, the same goes for any other sites that you have used the same password on. While you are at haveibeenpwned.com its worth hitting the notify button, this will alert you of any future breaches your email address is included in.
The best way to avoid getting caught up in something like this is to use a unique password with each site that you visit, while that might seem like a monumental task, services like LastPass make this much easier. These services store your passwords for you and pass them to the site you are trying to access when you enter a single master password. Many also offer 2 factor authentication which means that you need to remember both the master password and have access to your phone in order to retrieve your passwords.
If you do happen to receive one of these scam emails it is recommended that you report them to Action Fraud on the link below. Action fraud is the UK’s national fraud and cyber crime reporting centre, providing a central point of contact for information about fraud and cyber crime.

Want to know more? Get in touch.